c2016358.html
Posted Oct 13, 2004
Site support.businessobjects.com

Crystal Enterprise 10 is susceptible to a buffer overrun vulnerability when processing JPEG images.

tags | advisory, overflow
SHA-256 | 44f3dbafce0afee0e6f35a3f1b8901e9bbaf77d048f1b9552d87257ceb870f8d

<html>
<h1>Buffer overrun vulnerability when processing JPEG images in Crystal products</h1>
<p><b>The information in the article refers to:</b><br>
Crystal Reports 10</p>

<p><b>Applies to:</b>
<p>Reported version only<br>
Crystal Enterprise 10<br>
GDI+ JPEG vulnerability<br>
</p>

<p><b>Synopsis</b></p>
<p>Certain Crystal products contain a security vulnerability when processing Joint Photographic Experts Group (JPEG) image files. <br>
<br>
The vulnerability is due to a Microsoft component (Gdiplus.dll) included with certain versions of Crystal Reports and Crystal Enterprise. Certain versions of this component could allow remote code execution resulting in an attacker gaining complete control of an affected system or computer. <br>
<br>
For more information on the vulnerability, refer to Microsoft Security Bulletin MS04-028 on Microsoft's TechNet web site at: <br>
<br>
<A Href="http://www.microsoft.com/technet">http://www.microsoft.com/technet</A> <br>
<br>
Search for "Security Bulletin MS04-028" <br>
</p>
<p><b>Solution</b></p>
<p>Crystal products affected by this vulnerability include: <br>
<br>
• Crystal Reports 10 <br>
• Crystal Enterprise 10 <br>
• Crystal Reports 9 <br>
• Crystal Enterprise 9 <br>
<br>
These products are bundled with a version of the Gdiplus.dll that is vulnerable to remote code execution. Gdiplus.dll is installed by the above Crystal products at these locations: <br>
<br>
Version 10: <br>
C:\Program Files\Common Files\Crystal Decisions\2.5\bin <br>
<br>
Version 9: <br>
C:\Program Files\Common Files\Crystal Decisions\2.0\bin <br>
<br>
The copies at these locations are used only by Crystal Reports and Crystal Enterprise. Note that Security Updates for Microsoft operating systems and products will not update the copies at the above locations. <br>
<br>
Critical Updates are available for the above products as listed below. These updates provide an updated Gdiplus.dll and may also provide updates to other Crystal files. The files included in each update are listed below. <br>
<br>
<br>
Crystal Reports 10 and Crystal Enterprise 10 <br>
---------------------------------------------------- <br>
<br>
For Crystal Reports 10 and Crystal Enterprise 10, the Critical Update for this issue is available at the following location: <br>
<br>
<A Href="ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_gdiplus_critical_update.zip">ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_gdiplus_critical_update.zip</A> <br>
<br>
Run the EXE file included in the ZIP file on all computers with Crystal Reports or Crystal Enterprise installed. The update only needs to be run once on computers with both products. <br>
<br>
The update includes the following component versions: <br>
<br>
Gdiplus.dll, version 5.1.3102.1360, dated 5/4/2004 <br>
ActiveXViewer.cab, dated 10/1/2004 <br>
Crviewer.dll, version 10.0.5.822, dated 10/1/2004 <br>
Crviewer.dep, dated 9/30/2004 <br>
Reportparameterdialog.dll, version 10.0.5.677, dated 10/1/2004 <br>
Sviewhlp.dll, version 10.0.5.822, dated 10/1/2004 <br>
Swebrs.dll, version 10.0.5.822, dated 10/1/2004 <br>
<br>
For runtime environments or third party applications that use the ActiveX viewer but do not contain a copy of either installed product, download an updated copy of the ActiveXViewer.cab file here: <br>
<br>
<A Href="ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ActiveXViewer_gdiplus_critical_update.zip">ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ActiveXViewer_gdiplus_critical_update.zip</A> <br>
<br>
The ActiveXViewer.cab file for version 10 products includes a copy of the vulnerable Gdiplus.dll and requires updating. <br>
<br>
Updated merge modules are also available that contain these updated files. Merge Modules can be found at: <br>
<br>
<A Href="http://support.businessobjects.com/mergemodules">http://support.businessobjects.com/mergemodules</A> <br>
<br>
<br>
Crystal Reports 9 and Crystal Enterprise 9 <br>
-------------------------------------------------- <br>
<br>
For Crystal Reports 9 and Crystal Enterprise 9, the Critical Update for this issue is available at the following location: <br>
<br>
<A Href="ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_gdiplus_critical_update.zip">ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_gdiplus_critical_update.zip</A> <br>
<br>
Run the EXE file included in the ZIP file on all computers with Crystal Reports or Crystal Enterprise installed. The update only needs to be run once on computers with both products. <br>
<br>
The update includes the following components: <br>
<br>
Gdiplus.dll, version 5.1.3102.1360, dated 5/4/2004 <br>
<br>
Updated merge modules are also available that contain an updated Gdiplus.dll. Merge Modules can be found at: <br>
<br>
<A Href="http://support.businessobjects.com/mergemodules">http://support.businessobjects.com/mergemodules</A> <br>
</p>
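<p>Because operating system security updates do not touch the Crystal-private copies of Gdiplus.dll, each host has to be checked at the two install locations listed above. The following PowerShell is an added example, not part of the vendor article: it reports the file version of each copy against the 5.1.3102.1360 version shipped in the Critical Update. The function name, the <code>-ExtraRoot</code> parameter and the rule that any lower version still needs the update are assumptions of this example.</p>

```powershell
# Added example (not vendor code): audit the Crystal-private Gdiplus.dll copies.
# The two folders and the updated version number come from the advisory text.
$UpdatedVersion = [version]'5.1.3102.1360'
$CrystalBinDirs = @(
    'C:\Program Files\Common Files\Crystal Decisions\2.5\bin',  # version 10 products
    'C:\Program Files\Common Files\Crystal Decisions\2.0\bin'   # version 9 products
)

function Get-CrystalGdiplusStatus {
    param(
        [string[]]$BinDir,
        [version]$MinimumVersion,
        # Hypothetical parameter: extra folders to search recursively, for example
        # the install folder of a third-party application that embeds the viewer.
        [string[]]$ExtraRoot = @()
    )

    $candidates = @($BinDir | ForEach-Object { Join-Path $_ 'Gdiplus.dll' })
    foreach ($root in $ExtraRoot) {
        $candidates += @(Get-ChildItem -Path $root -Filter 'Gdiplus.dll' -Recurse -File `
                -ErrorAction SilentlyContinue | ForEach-Object { $_.FullName })
    }

    foreach ($path in ($candidates | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{ Path = $path; FileVersion = $null; Status = 'NotPresent' }
            continue
        }
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        # Build the version from the numeric fields; the FileVersion string
        # can carry trailing text that does not parse as a version.
        $ver = New-Object System.Version -ArgumentList @(
            $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
        # Assumption: a copy older than the version in the Critical Update
        # has not been updated.
        $status = if ($ver -lt $MinimumVersion) { 'NeedsUpdate' } else { 'Updated' }
        [pscustomobject]@{ Path = $path; FileVersion = $ver; Status = $status }
    }
}

Get-CrystalGdiplusStatus -BinDir $CrystalBinDirs -MinimumVersion $UpdatedVersion |
    Format-Table -AutoSize
```

<p>The check covers only Gdiplus.dll files on disk; a copy packaged inside ActiveXViewer.cab is not inspected and still has to be replaced with the updated cab file.</p>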
<hr size="1" align="left" width="95%" color="#ECECEC">

<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td valign="top" align="left" width="50%">
<p><b>Category:</b><br>
<b>Subject:</b><br>
<b>Topic:</b><br>
<b>Keywords:</b></p>
</td>
<td valign="top" align="left">
<p>
Report Designer<br>
Formatting<br>
OLE Objects/Pictures<br>
CRITICAL UPDATE GDI+ JPEG IMAGES</p>
</td>
</tr>

</table>
<hr size="1" align="left" width="95%" color="#ECECEC">

<table border="0" width="100%" cellpadding="0">
<tr id="%StandingID">
<td width="50%" nowrap align="left">
<p>
Status:</td>
<td>
<p>
Verified</td>
</tr>
<tr id="%Product_NameID">
<td width="50%" nowrap align="left">
<p>
Product:</td>
<td>
<p>
Crystal Reports Advanced</td>
</tr>
<tr id="%Rn_DescriptorID">
<td width="50%" nowrap align="left">
<p>
Reported Version:</td>
<td>
<p>
10.0.0.0 Crystal Reports Advanced Edition</td>
</tr>
<tr id="%Applies_toID">
<td width="50%" nowrap align="left">
<p>
Applies to:</td>
<td>
<p>
Reported version only</td>
</tr>
<tr id="%BitsID">
<td width="50%" nowrap align="left">
<p>
Bit Version:</td>
<td>
<p>
32 Bit</td>
</tr>


















</table>

<hr size="1" align="left" width="95%" color="#ECECEC">

</div>
<div id="rightcolumn">



<p>
<b>Article ID:</b><br>
c2016358</p>

<p>
<b>Created:</b><br>
2004/10/05</p>

<p>
<b>Published:</b><br>
2004/10/06</p>
